<TABLE WIDTH="750"  border="0" ALIGN="center" CELLPADDING="0" CELLSPACING="0">
  <TR>
            <TD width="10" vAlign=top</TD>
          <TD width="740" vAlign=top colspan="2">

      &nbsp;&nbsp;<IMG SRC="images/menu/textmenu_member.gif" BORDER="0">
				<TABLE width="740" align=center cellSpacing=0 cellPadding=0 border=0>
				<TR>
					<TD height="1" class="dotline" ></TD>
				</TR>
      <TR><td>
<?

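// Read the submitted credentials. A field that is missing, empty, or not a
// plain string (for example an array sent as user_login[]=...) is normalised
// to "" so the string functions further down never receive a non-string value.
$user_login = (isset($_POST['user_login']) && is_string($_POST['user_login']) && !empty($_POST['user_login']))
    ? $_POST['user_login']
    : "";
$pwd_login = (isset($_POST['pwd_login']) && is_string($_POST['pwd_login']) && !empty($_POST['pwd_login']))
    ? $_POST['pwd_login']
    : "";

// Add-on member system for maxsite 1.10, developed by www.narongrit.net
// check_captcha() is defined elsewhere in the project. A missing field is
// passed as null, which is the value the bare array access produced, but
// without the undefined-index notice.
if (USE_CAPCHA) {
    check_captcha(isset($_POST['security_code']) ? $_POST['security_code'] : null);
}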

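// Handle a login attempt: the administrator table is tried first, then the
// member table. $db, the DB_*/TB_* constants, showerror(), refresh_uri(),
// $IPADDRESS and $now are not defined in this file and are expected to come
// from the including script.
// NOTE(review): the session id is not regenerated after a successful login
// (session-fixation hardening). session_regenerate_id(true) must run before
// any output is sent, and this template has already emitted HTML by this
// point - confirm where session_start() is called and add it there.
if (is_string($user_login) && is_string($pwd_login) && $user_login !== "" && $pwd_login !== "") {

    $db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);

    // Digest of the password that was actually submitted. The earlier code
    // evaluated md5('%s') while building the format string, so the query was
    // compared against the digest of the literal placeholder and the submitted
    // password never reached it. A hex digest holds no SQL metacharacters.
    // NOTE(review): unsalted MD5 (admins) and SHA-1 (members) are not suitable
    // for password storage; moving to password_hash()/password_verify() needs a
    // schema and registration change outside this file.
    $admin_md5 = md5($pwd_login);
    $sql = sprintf("SELECT * FROM ".TB_ADMIN." WHERE username='%s' AND password='%s'",
            mysql_real_escape_string($user_login),
            $admin_md5
            );

    $res['admin'] = $db->select_query($sql);
    $rows['admin'] = $db->rows($res['admin']);

    // Always overwrite $arr['admin'] so a value left there by earlier code
    // cannot satisfy the check below when this query matched nothing.
    $arr['admin'] = $rows['admin'] ? $db->fetch($res['admin']) : array();

    if (!empty($arr['admin']['username'])) {
        // Administrator login passed.
        // session_unset() takes no arguments; drop the member marker explicitly
        // so the session does not carry a member and an admin identity at once.
        unset($_SESSION['login_true']);

        // NOTE(review): 20*60*1000 seconds is roughly 13.9 days. If a
        // 20-minute window was intended the factor 1000 should go - confirm
        // against the code that reads the timeout column.
        $timeoutseconds = time()+(20*60*1000);
        $timeout = $timeoutseconds;

        ob_start();
        $_SESSION['admin_user'] = $user_login ;
        // NOTE(review): a password digest is kept in the session, presumably
        // because other pages re-check it - confirm it is still needed.
        $_SESSION['admin_pwd'] = $admin_md5 ;
        $_SESSION['CKFinder_UserRole'] ='admin';
        // Stored before session_write_close(): an assignment made after the
        // session is closed is not saved.
        $_SESSION['timestamp2'] = $timeoutseconds;
        session_write_close();
        ob_end_flush();

        ////////////////////// add the user to the online list //////////////////////
        $db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
        // The login name is request data, so it is escaped before it is placed
        // in a WHERE clause.
        $online_where = " useronline='".mysql_real_escape_string($user_login)."' ";
        $res['user2'] = $db->select_query("SELECT * FROM ".TB_useronline." WHERE".$online_where);
        $rows['user2'] = $db->rows($res['user2']);
        $db->closedb ();

        // NOTE(review): update_db()/add_db() are project helpers not shown here;
        // verify that they escape the array values (useronline, ip) themselves.
        if ($rows['user2']) {

            $db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
            $db->update_db(TB_useronline,array(
                "post_date"=>(string) $_SESSION['timestamp2'],
                "timeout"=>(string) $timeout,
                "ip"=>(string) $IPADDRESS
            ),$online_where);
            $db->closedb ();

        } else {
            $db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
            $db->add_db(TB_useronline,array(
                "post_date"=>(string) $_SESSION['timestamp2'],
                "useronline"=>(string) $_SESSION['admin_user'],
                "timeout"=>(string) $timeout,
                "ip"=>(string) $IPADDRESS
            ));

        }


?>
				<TABLE width="700" align=center cellSpacing=0 cellPadding=0 border=0>
				<TR>
					<TD>
<BR><BR>
<CENTER><A HREF="?name=admin&file=main"><IMG SRC="images/icon/login-welcome.gif" BORDER="0"></A><BR><BR>
<FONT COLOR="#336600"><B><?=_FORM_MAIN_WELCOME;?></B></FONT><BR><BR>
<A HREF="?name=admin&file=main"><B><?=_MENU_MAIN_INDEX;?></B></A>
</CENTER>
</td>
</tr>
</table>
<?php echo "<meta http-equiv='refresh' content='1; url=index.php'>" ; ?>
<BR><BR>
<?php
    } else {

        // Not an administrator: try the member table.
        $user_sha1 = sha1($pwd_login);
        $member_sql_name = mysql_real_escape_string($user_login);
        $sql = sprintf("SELECT user, password FROM ".TB_MEMBER." WHERE user='%s' AND password='%s'",
            $member_sql_name,
            $user_sha1
            );
        $result = mysql_query($sql) ;
        // A failed query returns false; treat that as "no such account".
        $num = $result ? mysql_num_rows($result) : 0 ;

        if ($num <= 0) {
            $showmsg=""._MEMBER_MOD_FORM_LOGIN_NOACC."";
            showerror($showmsg);
            refresh_uri('index.php');
        }
        else {
            $dbarr = mysql_fetch_array($result) ;
            // Second check on the fetched row. The digests are compared as
            // strings: the earlier loose != could treat two different
            // digit-only "0e..." digests as equal numbers, and joining the two
            // tests with && let the row through whenever either field matched.
            // Which spelling of the username matches is decided by the WHERE
            // clause above (database collation rules apply).
            if (!is_array($dbarr) || strcasecmp($user_sha1, (string) $dbarr['password']) !== 0) {
                $showmsg=""._MEMBER_MOD_FORM_LOGIN_NOUSER."";
                showerror($showmsg);
                refresh_uri('index.php');
            }
            else {
                $db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
                // Shift the previous login time into lastlog, then record the
                // new one. The username is escaped; $now comes from outside
                // this file.
                mysql_query("UPDATE ".TB_MEMBER." SET lastlog=dtnow WHERE user='".$member_sql_name."'");
                mysql_query("UPDATE ".TB_MEMBER." SET dtnow='$now' WHERE user='".$member_sql_name."'");

                $showmsg=""._MEMBER_MOD_FORM_LOGIN_PASS."";
                showerror($showmsg);

                // NOTE(review): 20*60*1000 seconds is roughly 13.9 days - see
                // the same constant in the administrator branch.
                $timeoutseconds = time()+(20*60*1000);
                $timeout = $timeoutseconds;

                ob_start();
                $_SESSION['login_true']=$user_login;
                // NOTE(review): a password digest is kept in the session -
                // confirm other pages still need it.
                $_SESSION['pwd_login']=$user_sha1;
                // Stored before session_write_close() so that it is saved.
                $_SESSION['timestamp2'] = $timeoutseconds;
                session_write_close();
                ob_end_flush();

                ////////////////////// add the user to the online list //////////////////////
                $db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
                $online_where = " useronline='".mysql_real_escape_string($user_login)."' ";
                $res['user2'] = $db->select_query("SELECT * FROM ".TB_useronline." WHERE".$online_where);
                $rows['user2'] = $db->rows($res['user2']);
                $db->closedb ();

                // NOTE(review): verify that update_db()/add_db() escape the
                // array values themselves.
                if ($rows['user2']) {

                    $db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
                    $db->update_db(TB_useronline,array(
                        "post_date"=>(string) $_SESSION['timestamp2'],
                        "timeout"=>(string) $timeout,
                        "ip"=>(string) $IPADDRESS
                    ),$online_where);
                    $db->closedb ();

                } else {
                    $db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);
                    $db->add_db(TB_useronline,array(
                        "post_date"=>(string) $_SESSION['timestamp2'],
                        "useronline"=>(string) $_SESSION['login_true'],
                        "timeout"=>(string) $timeout,
                        "ip"=>(string) $IPADDRESS
                    ));

                }

                echo "<meta http-equiv=refresh content='3;URL=index.php'>" ;
            }
        }
    }
} else {
    // Blank or non-string credentials: report the same "no account" error the
    // two lookups would have produced, without querying the database.
    $showmsg=""._MEMBER_MOD_FORM_LOGIN_NOACC."";
    showerror($showmsg);
    refresh_uri('index.php');
}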
?>
</td></tr>
</table>
</td>
</tr>
</table>